Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4504 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2025-04-12 | 2.6 LOW | N/A |
| The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | |||||
| CVE-2011-1663 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0826 | 1 Drupal | 1 Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors. | |||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | |||||
| CVE-2013-6386 | 1 Drupal | 1 Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. | |||||
| CVE-2013-4138 | 2 Alienwp, Drupal | 2 Hatch, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2728 | 2 Drupal, Ronan Dowling | 2 Drupal, Node Hierarchy | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. | |||||
| CVE-2012-4478 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4990 | 2 Drupal, Jrbcs | 2 Drupal, Webform Report | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. | |||||
| CVE-2013-1782 | 2 Devsaran, Drupal | 2 Responsive Blog, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
| CVE-2013-1780 | 2 Devsaran, Drupal | 2 Best Responsive, Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
| CVE-2010-2158 | 2 Drupal, Speedtech | 2 Drupal, Storm | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-5937 | 2 Click2sell, Drupal | 2 Click2sell Suite Module, Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API. | |||||
| CVE-2013-0224 | 2 Drupal, Video Project | 2 Drupal, Video | 2025-04-11 | 4.4 MEDIUM | N/A |
| The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | |||||
| CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2025-04-11 | 5.0 MEDIUM | N/A |
| The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | |||||
| CVE-2010-3094 | 1 Drupal | 1 Drupal | 2025-04-11 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | |||||
| CVE-2010-4521 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. | |||||
| CVE-2012-2154 | 2 Drupal, Kyle Browning | 2 Drupal, Cdn2 Video | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | |||||